Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/OJQ_fejjzrDV-0sprZqMHSwXrEc.roa
File: OJQ_fejjzrDV-0sprZqMHSwXrEc.roa (raw, json)
Hash identifier: pRKGQbAYe7Dy9DGab2rWXNNddU8SWbxdSTbWiDqax4k=
Subject key identifier: 38:94:3F:7D:E8:E3:CE:B0:D5:FB:4B:29:AD:9A:8C:1D:2C:17:AC:47
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018CD6835138B5BEDB3B86CB60A578281D79
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/OJQ_fejjzrDV-0sprZqMHSwXrEc.roa
Signing time: Thu 04 Jan 2024 22:06:19 +0000
ROA not before: Thu 04 Jan 2024 22:06:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16589
IP address blocks: 213.159.10.0/23 maxlen: 24
213.159.12.0/23 maxlen: 24
195.133.208.0/23 maxlen: 24
194.135.26.0/23 maxlen: 24
89.37.216.0/23 maxlen: 24
85.204.148.0/22 maxlen: 24
62.112.12.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:d6:83:51:38:b5:be:db:3b:86:cb:60:a5:78:28:1d:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jan 4 22:06:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=38943f7de8e3ceb0d5fb4b29ad9a8c1d2c17ac47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:27:48:8c:39:dc:99:d2:e3:d9:6c:39:57:63:
2c:36:18:b0:77:fe:8b:da:7e:5c:54:66:c2:4f:c4:
07:00:88:4d:28:08:54:ce:dc:56:cf:b5:47:90:7d:
03:fe:47:fd:8e:7b:44:0c:d4:92:98:45:6c:51:5e:
cf:c8:5e:b8:65:c3:e2:e8:f8:79:fe:0f:49:f9:df:
ec:6f:dd:e3:43:00:5a:40:3b:ff:cd:f9:03:a5:7c:
3d:ad:6c:24:d1:fe:a3:4b:ac:22:be:21:78:e4:7e:
8d:99:3e:6d:47:9a:50:35:7b:0a:e8:7c:fe:90:03:
0e:9a:c9:fc:35:77:e0:4c:84:19:64:75:ba:ac:2a:
fe:85:17:05:5c:37:62:a7:ca:58:a3:05:b7:77:42:
8c:36:8d:2e:1a:a9:60:a5:1a:ee:75:4e:ba:52:96:
ff:82:cc:94:f8:7b:ef:43:e3:db:05:70:1f:e3:2c:
72:46:f0:27:48:ec:af:49:c4:a7:df:35:cb:46:34:
0c:48:72:4e:b9:23:70:51:9e:2a:1e:03:d4:05:78:
d4:f2:61:b5:92:94:64:33:06:8f:26:5c:c9:b4:e9:
59:87:65:62:29:db:e7:b9:e7:84:c0:74:1e:02:4b:
ac:41:fb:26:3c:73:f1:a6:cd:2e:7c:a6:4f:e6:e7:
2e:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:94:3F:7D:E8:E3:CE:B0:D5:FB:4B:29:AD:9A:8C:1D:2C:17:AC:47
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/OJQ_fejjzrDV-0sprZqMHSwXrEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.12.0/23
85.204.148.0/22
89.37.216.0/23
194.135.26.0/23
195.133.208.0/23
213.159.10.0-213.159.13.255
Signature Algorithm: sha256WithRSAEncryption
82:cf:f5:cc:c8:bf:b3:f0:a3:c2:f6:78:59:94:ce:eb:08:2d:
95:45:0f:b0:32:79:5f:4f:0c:7b:c0:4e:c7:56:9f:1d:0a:58:
09:9d:23:a0:44:15:16:4b:63:66:71:d5:d6:2c:ea:f3:41:3e:
d2:6e:90:df:06:8a:e9:41:14:83:57:3b:42:d6:79:bc:18:39:
b2:3a:92:a7:fd:62:e8:35:a1:67:c6:19:54:97:83:9d:88:68:
d2:86:c7:dc:90:e6:e2:e5:cc:65:5e:cd:45:bb:f4:da:fd:84:
b4:1e:30:f9:c4:20:31:e8:5a:94:30:17:d8:ef:b1:18:1d:b9:
c0:4c:94:2b:27:94:76:93:8b:04:d5:07:fd:5f:79:83:85:a5:
b5:67:53:7d:00:cb:ed:66:c2:63:43:34:cf:56:66:93:56:5a:
15:f3:98:bf:22:69:d9:7c:5a:7d:0f:b9:ce:2a:f8:63:72:8a:
a2:84:67:83:5c:7d:3c:fd:10:e1:c7:53:9b:c8:3a:35:f1:97:
48:dd:00:b3:c8:8d:0d:05:8f:27:4f:87:fb:36:23:0f:b8:dd:
a9:19:51:19:a8:39:30:75:e4:03:a0:be:d1:02:9e:f2:c1:5c:
00:0a:f4:b4:fe:db:18:7e:f0:3a:e9:cc:4a:42:1c:f2:34:83:
7b:e9:91:12
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzWg1E4tb7bO4bLYKV4KB15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwMTA0MjIwNjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODk0M2Y3ZGU4ZTNjZWIwZDVmYjRiMjlhZDlhOGMxZDJjMTdhYzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtydIjDncmdLj2Ww5V2MsNhiwd/6L
2n5cVGbCT8QHAIhNKAhUztxWz7VHkH0D/kf9jntEDNSSmEVsUV7PyF64ZcPi6Ph5
/g9J+d/sb93jQwBaQDv/zfkDpXw9rWwk0f6jS6wiviF45H6NmT5tR5pQNXsK6Hz+
kAMOmsn8NXfgTIQZZHW6rCr+hRcFXDdip8pYowW3d0KMNo0uGqlgpRrudU66Upb/
gsyU+HvvQ+PbBXAf4yxyRvAnSOyvScSn3zXLRjQMSHJOuSNwUZ4qHgPUBXjU8mG1
kpRkMwaPJlzJtOlZh2ViKdvnueeEwHQeAkusQfsmPHPxps0ufKZP5ucuUwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDiUP33o486w1ftLKa2ajB0sF6xHMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvT0pRX2Zlamp6ckRWLTBzcHJacU1IU3dYckVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBPnAMAwQC
VcyUAwQBWSXYAwQBwocaAwQBw4XQMAwDBAHVnwoDBAHVnwwwDQYJKoZIhvcNAQEL
BQADggEBAILP9czIv7Pwo8L2eFmUzusILZVFD7AyeV9PDHvATsdWnx0KWAmdI6BE
FRZLY2Zx1dYs6vNBPtJukN8GiulBFINXO0LWebwYObI6kqf9Yug1oWfGGVSXg52I
aNKGx9yQ5uLlzGVezUW79Nr9hLQeMPnEIDHoWpQwF9jvsRgducBMlCsnlHaTiwTV
B/1feYOFpbVnU30Ay+1mwmNDNM9WZpNWWhXzmL8iadl8Wn0Puc4q+GNyiqKEZ4Nc
fTz9EOHHU5vIOjXxl0jdALPIjQ0FjydPh/s2Iw+43akZURmoOTB15AOgvtECnvLB
XAAK9LT+2xh+8DrpzEpCHPI0g3vpkRI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org